[dns-operations] dropping fragmented requests
Doug Porter
dsp at dsp.name
Fri Apr 8 22:29:34 UTC 2016
I think fragmented queries to Route53 already don't work. Maybe you
recently blocked it? Maybe frags are ending up on different anycast
servers due to the 5-tuple ecmp hash? The latter is the reason it
doesn't work in my environment. We've not observed any problems after
years of running this way.
0 # dig @205.251.199.224 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com. a +short
0 # ip route add 205.251.199.224/32 via 158.85.191.65 mtu 68
0 # dig @205.251.199.224 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com. a +short
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> @205.251.199.224 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com. a +short
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
9 #
The above test was done on an EC2 machine. I also tested against a
different server I operate where frags do work to confirm the test
setup was valid.
--
dsp
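Added illustration, not part of Doug's message: a small model of the two effects his test relies on. It computes why a query for that 63-byte label no longer fits in a 68-byte MTU and gets split, and why the fragments of one query can be hashed to different anycast instances once the UDP ports are only present in the first fragment. The hash function (SHA-256 standing in for a router's ECMP hash), the path count and the client address 10.0.0.5 are constructed assumptions; the destination is the Route53 address from the test above.

```python
import hashlib

IPV4_HEADER = 20   # bytes, no IP options
UDP_HEADER = 8
DNS_HEADER = 12

def dns_query_size(qname: str) -> int:
    """Wire size of a plain DNS query: header + length-prefixed labels + root byte
    + QTYPE + QCLASS. Add 11 bytes if the client also sends an EDNS OPT record."""
    labels = [lbl for lbl in qname.rstrip(".").split(".") if lbl]
    encoded_name = sum(1 + len(lbl) for lbl in labels) + 1
    return DNS_HEADER + encoded_name + 2 + 2

def fragment(udp_payload_len: int, mtu: int) -> list:
    """Split an IPv4/UDP datagram the way the IP layer does for the given link MTU.
    Each fragment gets its own IP header; every chunk but the last is a multiple
    of 8 bytes. Only the fragment at offset 0 carries the UDP header (the ports).
    Returns [(offset, chunk_len, carries_udp_header), ...]."""
    datagram = UDP_HEADER + udp_payload_len
    if IPV4_HEADER + datagram <= mtu:
        return [(0, datagram, True)]
    chunk = (mtu - IPV4_HEADER) // 8 * 8          # 48 bytes for MTU 68
    frags, off = [], 0
    while off < datagram:
        n = min(chunk, datagram - off)
        frags.append((off, n, off == 0))
        off += n
    return frags

def ecmp_next_hop(src, dst, proto, sport, dport, offset, n_paths) -> int:
    """Constructed model of a 5-tuple ECMP hash. A non-first fragment has no
    UDP header, so the device can only hash the 3-tuple (src, dst, proto);
    that key need not pick the same next hop as the first fragment's 5-tuple."""
    key = f"{src}|{dst}|{proto}" if offset else f"{src}|{dst}|{proto}|{sport}|{dport}"
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_paths

def paths_for_query(src, dst, sport, qname, mtu, n_paths) -> list:
    """Next hop chosen for each fragment of one UDP/53 query to an anycast address."""
    return [ecmp_next_hop(src, dst, 17, sport, 53, off, n_paths)
            for off, _, _ in fragment(dns_query_size(qname), mtu)]

def count_split_queries(mtu=68, n_paths=4, sports=range(1024, 1224)) -> int:
    """How many of the given client source ports yield a query whose fragments
    arrive at different anycast instances (constructed client 10.0.0.5)."""
    qname = "a" * 63 + ".com."
    return sum(len(set(paths_for_query("10.0.0.5", "205.251.199.224", sp,
                                       qname, mtu, n_paths))) > 1 for sp in sports)
```

With a 1500-byte MTU every query is one packet and always reaches a single instance; at MTU 68 the 93-byte datagram becomes two fragments and, in this model, most source ports end up with the two fragments on different paths, which is exactly the "frags ending up on different anycast servers" case and why such a query simply times out.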